WordPress user roles explained
WordPress is the most popular Content Management System (CMS) for building websites, and it handles the “management” part excellently with different user roles. If you’re the only person managing your website’s backend, you’ve probably never bothered about WordPress user roles. However, if you share access to your WordPress admin area with other people, user roles can help you control what each user can and can’t do on your website. These predefined roles ensure that no one has more access or “power” than they need.
For instance, your content writers shouldn’t be able to install or uninstall plugins at will; only a developer should be able to do that. Besides plugins and themes, user roles help you manage who has permission to write posts, create new pages, moderate comments, and add new users. In this guide, we’ll cover everything you need to know about default WordPress user roles, their capabilities, and how you can better manage and safeguard your site as it grows.
These capabilities should not be available to everyone and should be assigned with caution. A single mistake in your code can take down your entire site and a malicious plugin can expose it to cyber threats. Hence, when adding new users, ensure that no one has more access than they need to do their job. Apart from adding and switching themes, Admins can customize the appearance of the site and edit everything from widgets to menus, colors, and fonts. Admins can also create, edit, and remove any type of content on the website, including those added by other users. They can publish new categories, tags, and taxonomies and manage existing ones at any time.
On a regular website with multiple users, the Administrator role should rarely be assigned to anyone other than the website owner. Ideally, you want only one Admin user on your WordPress site. If you must grant access to anyone, such as a third-party plugin developer, we recommend revoking that access once their job is done. However, the Administrator role is not to be confused with the Super Administrator role. The highest user role in a standard WordPress installation is the Administrator, but in a multi-site network (multiple sites on one WordPress installation), the Super Administrator role is the most powerful. WordPress reserves some Admin capabilities for the Super Admin to effectively and safely manage the network and its users. In this case, you should have only one Super Admin and assign Admin roles only to people you trust to manage each website in the network. No matter your WordPress setup, ensure that your Admin user account is secured with a strong password and two-factor authentication to protect your site. As the admin, you must also stay on top of site maintenance and regular backups to keep the engine oiled for other users.
The Editor role has the second-highest number of capabilities and privileges in the WordPress user roles hierarchy, after the Administrator. As the name implies, editors have total control over all things related to content on your site. The Editor user role has all the required permissions to create, edit, publish, manage, and delete content on your site, including content created by the Administrator, another Editor, and other lower user roles. Editor users can also create and publish new pages on your website as well as edit or remove pages created by other users. Web content is usually accompanied by visual media like images and videos, and web pages need links that users can use to navigate your website. Hence, users with Editor roles can upload files to your WordPress Media Library and add links to the pages and posts they create. Comments are also within the purview of “content,” so users with the Editor role can moderate comments your readers post. They can edit, approve and remove any comments at their discretion.
For the Editor role, the WordPress admin area is slightly different than for Administrators, so that access to site management settings is restricted. Since it is tailored towards content management, there are fewer options and tabs, but it is more than enough to manage your content. For instance, an Editor can also make changes to the categories, tags, and taxonomies on your website, whether they created them or not. Unlike Admins, Editors can’t make changes to your website’s settings, install plugins and themes, or add new users to the fold. Nonetheless, this WordPress user role holds a considerably high level of access to your website, so you should assign it with care. The role should go to your content manager and not individual contributors like authors. Suppose you’re the Administrator, but you’re also doubling as a content manager. In that case, you can create a separate user account with the Editor role to streamline your workflow and further safeguard your website. This way, even if your Editor account is hacked, your admin account is still protected, and you can delete the compromised account.
WordPress users with an Author role can write, add, edit, publish and delete posts that they wrote. The main difference between the Author and Editor roles is that Authors can’t view or manage posts added by other users. However, like Editors, they can add files to the Media Library and use files added by other users, which makes sense considering that they may want to reuse certain media in their posts. This WordPress user role can also take advantage of reusable blocks in the editor like common snippets, links, and CTAs to produce great content that is consistent with your content guidelines. Its users can create reusable blocks, but they can only edit and delete blocks they made.
When it comes to comments on those posts, WordPress, by default, allows users with Author roles to view comments on their posts, but they cannot moderate them. Authors can even view comments that are pending review, but they can’t approve or delete them. Likewise, Authors can’t add new categories to your WordPress website, but they can use categories created by an Editor or Admin user. Tags are a different story, though, as WordPress allows them to add tags to their posts. Authors lack administrative capabilities like updating WordPress, installing themes and plugins, editing code, or making site-wide changes.
The role of authors is pretty straightforward; they create content and nothing more. In an organization with a dedicated team of content creators, you should assign the Author role to individual writers or reporters who do just that. Still, it would be best to keep in mind that authors have total control over the content they create. Assigning the role to just about anyone can cause problems if an author who is leaving your company decides to delete their posts. It might be safer to assign new content creators a role with lesser permissions.
On the front end, WordPress may display the author’s info on the content they create. WordPress also allows Authors to add biographical information about themselves, such as a photo, full name, social media links, and location that your readers can see. By default, WordPress displays an archive of the posts written by an Author upon clicking their profile.
The Contributor is the perfect WordPress user role for new or one-off content creators on your site. It is basically a stripped-down version of the Author role, and the most significant difference between them is that Contributors can’t publish posts. Upon adding a post, it is saved as a draft that only an Editor or an Administrator user can review and publish. Once the post is published, Contributors no longer have access to it and, therefore, can’t edit or delete it. Any future edits can only be done by Editor and Administrator users, who, by default, have the power to edit any post by any user.
As you can see, the Contributor role is quite limited, but it comes in handy if you want to collect user-submitted content that needs to be edited and reviewed before publishing. The other peculiar difference is that they can’t add images or files to the Media Library. However, they can read reusable blocks, although they can’t create, edit or delete them. Contributors are blocked from making changes that may affect your site’s design and functionality. They can’t add new categories, but they can classify their drafts under existing categories and add new tags to their posts. Contributors can also view comments on their posts, but they can’t moderate them.
At the bottom of the WordPress user roles hierarchy is the Subscriber, but they also have their place and can be pretty valuable. But first, let’s discuss their permissions. Subscribers can create and manage a profile on your WordPress site, read posts, and post comments. That is pretty much it. Subscriber is the only WordPress user role that isn’t allowed to create posts or edit them. Depending on how your site works, Subscribers may be able to interact with other Subscribers or users, but they can’t access your admin area or use the editor.
The subscriber role is an excellent tool for marketing purposes. It is commonly used on subscription-based sites to deliver restricted content to only logged-in users. The role is inherently safe since its users can’t make any changes except to their profiles. Even if you don’t use a subscription-based model, you can allow your visitors to register on your site to make them feel included. Also, it can be used to allow certain people access to additional content like newsletters, whether they’re paid subscribers or not. The Subscriber user role also includes people who have subscribed to your RSS feed and mailing lists.
Want more WordPress user roles?
One of the great things about WordPress user roles is that you don’t have to be a website developer to create and manage them. All you need is an Administrator user account and the user’s info. Start by clicking on Users in your WordPress dashboard and then clicking on the Add New button at the top of the Users page. To add new users, fill in the required info for the user, including the name, username, email, and password. Next, assign the desired role from the list of options in the dropdown menu. Click Add New User and you’re done!
Easy enough, right? But you can take user roles a step further by customizing the permissions allowed for predefined roles or adding new roles with your desired set of capabilities. Suppose you want to add a user who can only read and edit posts, but you don’t want them to be able to create or delete posts. None of the default user roles would work for you. In this case, you have two options: ask your developer to add some code, or use a plugin like the Members plugin by MemberPress to create new roles to suit your needs.
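
Here is what the “add some code” option can look like for the read-and-edit-only user described above. This is an added example, not code from the original article or from the Members plugin; it assumes a single-file plugin, and the role slug `post_reviser` and the custom capability name `create_posts` are names chosen for illustration.

```php
<?php
/**
 * Plugin Name: Post Reviser Role (added example)
 */

// Assumed names for this example: role slug and custom capability.
const REVISER_ROLE  = 'post_reviser';
const CREATE_CAP    = 'create_posts';
const CREATOR_ROLES = array( 'administrator', 'editor', 'author', 'contributor' );

// Core maps "create a post" to edit_posts unless the post type says otherwise,
// so edit_posts alone would still allow new posts. Point the built-in "post"
// type at a separate capability that the reviser role never receives.
add_filter( 'register_post_type_args', function ( $args, $post_type ) {
	if ( 'post' === $post_type ) {
		$args['capabilities']['create_posts'] = CREATE_CAP;
	}
	return $args;
}, 10, 2 );

register_activation_hook( __FILE__, function () {
	// Roles are stored in the database, so create them once on activation.
	add_role( REVISER_ROLE, 'Post Reviser', array(
		'read'                 => true,
		'edit_posts'           => true,
		'edit_others_posts'    => true,
		'edit_published_posts' => true,
		// Deliberately absent: publish_posts, delete_* and CREATE_CAP.
	) );
	// Keep the default roles able to create posts after the remap above.
	foreach ( CREATOR_ROLES as $slug ) {
		$role = get_role( $slug );
		if ( $role ) {
			$role->add_cap( CREATE_CAP );
		}
	}
} );

register_deactivation_hook( __FILE__, function () {
	// Without the filter, creating falls back to edit_posts, so drop the role
	// rather than leave it with more access than intended.
	remove_role( REVISER_ROLE );
	foreach ( CREATOR_ROLES as $slug ) {
		$role = get_role( $slug );
		if ( $role ) {
			$role->remove_cap( CREATE_CAP );
		}
	}
} );
```

After activation, the new role appears in the same role dropdown used when adding a user. Accounts still assigned to it after deactivation hold no capabilities until you give them another role.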